A coalition of international internet service providers (ISPs) and European hackers have filed a legal complaint against GCHQ for their “attacking and exploitation of network infrastructure”.
The complaint, lodged with the Investigatory Powers Tribunal, claims that the British spy agency’s actions are “not only illegal, but are destructive [and] undermine the goodwill the organisations rely on.”
The complaint has been filed by Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May First/People Link (US), the Chaos Computer Club (Europe’s largest association of hackers) and Privacy International.
Citing a number of articles from Der Spiegel and the Intercept, the companies accuse GCHQ of a number of damaging activites, including:
Targeting employees of Belgian telecommunications company Belgacom with malware through a highly developed attack named “Quantum Insert”
Using a number of “man on the side” attacks in collaboration with GCHQ to covertly inject data into existing connections to infect users
Creating an automated system named Turbine to control “millions of implants” by groups instead of as individuals Targeting three German internet exchange points with the NSA to spy on “all internet traffic coming through the nodes, and identify ‘important’ customers”
While the claimants were not named as direct targets in the Snowden leaks, they claim that “given the interconnectedness of the internet, the surveillance being carried out by GCHQ and NSA detailed in the articles could be carried out against any internet and communications providers."
Eric King, deputy director of Privacy International, said: "These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world's most powerful tool for democracy and free expression."
Privacy International has previously filed two other cases against GCHQ, with the most recent forcing the government to issue a 48-page statement defending its mass surveillance practices.